Infineon: Switch to 1.9.0 code base, add xmc7000 family support, refactor memory layer
diff --git a/boot/bootutil/src/fault_injection_hardening.c b/boot/bootutil/src/fault_injection_hardening.c
index 5e818c6..4dcbdd9 100644
--- a/boot/bootutil/src/fault_injection_hardening.c
+++ b/boot/bootutil/src/fault_injection_hardening.c
@@ -1,59 +1,52 @@
/*
- * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) 2020-2021, Arm Limited. All rights reserved.
*
- * Copyright (c) 2020 Arm Limited
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
*/
#include "bootutil/fault_injection_hardening.h"
-#ifdef FIH_ENABLE_DOUBLE_VARS
-/* Variable that could be (but isn't) changed at runtime to force the compiler
- * not to optimize the double check. Value doesn't matter.
- */
-volatile int _fih_mask = FIH_MASK_VALUE;
-fih_int FIH_SUCCESS = {FIH_POSITIVE_VALUE, FIH_MASK_VALUE ^ FIH_POSITIVE_VALUE};
-fih_int FIH_FAILURE = {FIH_NEGATIVE_VALUE, FIH_MASK_VALUE ^ FIH_NEGATIVE_VALUE};
-#else
-fih_int FIH_SUCCESS = {FIH_POSITIVE_VALUE};
-fih_int FIH_FAILURE = {FIH_NEGATIVE_VALUE};
-#endif /* FIH_ENABLE_DOUBLE_VARS */
-
#ifdef FIH_ENABLE_CFI
+fih_uint fih_cfi_ctr = FIH_UINT_INIT(0u);
-#ifdef FIH_ENABLE_DOUBLE_VARS
-fih_int _fih_cfi_ctr = {0, 0 ^ FIH_MASK_VALUE};
-#else
-fih_int _fih_cfi_ctr = {0};
-#endif /* FIH_ENABLE_DOUBLE_VARS */
-
-/* Increment the CFI counter by one, and return the value before the increment.
- */
-fih_int fih_cfi_get_and_increment(void)
+fih_uint fih_cfi_get_and_increment(uint8_t cnt)
{
- fih_int saved = _fih_cfi_ctr;
- _fih_cfi_ctr = fih_int_encode(fih_int_decode(saved) + 1);
- return saved;
+ fih_uint saved_ctr = fih_cfi_ctr;
+
+ if (fih_uint_decode(fih_cfi_ctr) > UINT32_MAX - cnt) {
+ /* Overflow */
+ FIH_PANIC;
+ }
+
+ fih_cfi_ctr = fih_uint_encode(fih_uint_decode(fih_cfi_ctr) + cnt);
+
+ fih_uint_validate(fih_cfi_ctr);
+ fih_uint_validate(saved_ctr);
+
+ return saved_ctr;
}
-/* Validate that the saved precall value is the same as the value of the global
- * counter. For this to be the case, a fih_ret must have been called between
- * these functions being executed. If the values aren't the same then panic.
- */
-void fih_cfi_validate(fih_int saved)
+void fih_cfi_validate(fih_uint saved)
{
- if (fih_int_decode(saved) != fih_int_decode(_fih_cfi_ctr)) {
+ volatile int32_t rc = FIH_FALSE;
+
+ rc = fih_uint_eq(saved, fih_cfi_ctr);
+ if (rc != FIH_TRUE) {
FIH_PANIC;
}
}
-/* Decrement the global CFI counter by one, so that it has the same value as
- * before the cfi_precall
- */
void fih_cfi_decrement(void)
{
- _fih_cfi_ctr = fih_int_encode(fih_int_decode(_fih_cfi_ctr) - 1);
-}
+ if (fih_uint_decode(fih_cfi_ctr) < 1u) {
+ FIH_PANIC;
+ }
+ fih_cfi_ctr = fih_uint_encode(fih_uint_decode(fih_cfi_ctr) - 1u);
+
+ fih_uint_validate(fih_cfi_ctr);
+}
#endif /* FIH_ENABLE_CFI */
#ifdef FIH_ENABLE_GLOBAL_FAIL
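Review bot: The three CFI functions lose their explanatory comments in this hunk, and the new `cnt` parameter of `fih_cfi_get_and_increment` arrives with no description, so a reader cannot tell from here how a multi-step increment relates to the single-step `fih_cfi_decrement`. I would restore a short comment on each, for example `/* Add cnt to the CFI counter and return the value held before the addition; panics if the sum would exceed UINT32_MAX. */` above `fih_cfi_get_and_increment`, `/* Panic unless saved equals the current CFI counter. */` above `fih_cfi_validate`, and `/* Subtract one from the CFI counter; panics if it is already zero. */` above `fih_cfi_decrement`. It would also help to state in the first of these which caller is expected to pass a `cnt` other than one, since that is not visible in this file.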
@@ -61,10 +54,12 @@
* compiler removing due to non-standard calling procedure. Multiple loop jumps
* used to make unlooping difficult.
*/
-__attribute__((used))
__attribute__((noinline))
+__attribute__((noreturn))
+__attribute__((weak))
void fih_panic_loop(void)
{
+ FIH_LABEL("FAILURE_LOOP");
__asm volatile ("b fih_panic_loop");
__asm volatile ("b fih_panic_loop");
__asm volatile ("b fih_panic_loop");
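Review bot: Marking `fih_panic_loop` as `__attribute__((weak))` lets any strong definition elsewhere in the link replace the hardened failure loop, and nothing at this site says what an override must guarantee. A comment such as `/* Weak so a platform can supply its own handler; an override must never return and should keep redundant branches so a single skipped instruction cannot escape the loop. */` would make that contract explicit. The same hunk drops `__attribute__((used))` although the comment above still refers to the compiler removing the function; if callers reach it only through an `asm` branch (not visible here), it is worth confirming that LTO or section-garbage-collected builds still keep the symbol. The comment block starts before this hunk and the function body continues into the next one.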
@@ -74,5 +69,20 @@
__asm volatile ("b fih_panic_loop");
__asm volatile ("b fih_panic_loop");
__asm volatile ("b fih_panic_loop");
+ while (true) {} /* Satisfy noreturn */
}
#endif /* FIH_ENABLE_GLOBAL_FAIL */
+
+#ifdef FIH_ENABLE_DELAY
+void fih_delay_init(void)
+{
+ /* Implement here */
+}
+
+uint8_t fih_delay_random(void)
+{
+ /* Implement here */
+
+ return 0xFF;
+}
+#endif /* FIH_ENABLE_DELAY */
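Review bot: `fih_delay_random` returns the constant `0xFF` and `fih_delay_init` is empty, so a build that defines `FIH_ENABLE_DELAY` gets a fixed, predictable delay instead of a randomised one, with only `/* Implement here */` to signal it. Because neither function is weak, a platform cannot supply a real implementation without editing this file, so the placeholder is what ships. Until an entropy source is wired in, I would make the configuration fail loudly, e.g. `#error "FIH_ENABLE_DELAY needs a platform implementation of fih_delay_init() and fih_delay_random()"` inside the `#ifdef`, or mark both functions weak and document that the default provides no randomness. Separately, the added `while (true) {}` depends on `true` being declared through the included header, which is not visible in this diff.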